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REMARKS 

This responds to the Office Action dated September 13, 2006. Claims 6 and 1 1 are 
amended. Claims 1-35 are pending in this application. 

Interview Summary 

Applicant thanks Examiner Michael J. Simitoski for the courtesy of a telephone interview 
on January 9, 2007 with Applicant's representative Paul J. Urbanski. 

Mr. Simitoski indicated that the objection regarding the petition and evidence in 
contacting Ms. Bogle is withdrawn. 

Mr. Simitoski stated that the declarations previously submitted under 37 C.F.R. § 1.131 
are not sufficient. For each Thomsen article, Mr. Simitoski requires that the contribution (to the 
invention) of the fourth inventor who is not included as an author in the article be entered into 
the record, and that a description of the claimed subject matter to which the fourth inventor 
contributed also be entered into the record. Mr. Simitoski also requires additional evidence 
showing diligence between Conception and Reduction to Practice. 

Si 101 Rejection of the Claims 
Claims 6-13 were rejected under 35 U.S.C. § 101 as being directed to non-statutory 
subject matter. 

Claims 6 and 1 1 were amended to overcome the rejection under 35 U.S.C. § 101. 
Support for the amendments is found generally within the specification (see e.g., page 5 line 29 
through page 6 line 4, and page 6 lines 12-17). Applicant respectfully requests reconsideration 
and allowance of claims 6-13. 



§ 102 Rejection of the Claims 
1. Claims 1-3, 5-6, and 1 1-13 were rejected under 35 U.S.C. § 102(a) for anticipation by 
"Role Based Access Control Framework for Network Enterprises" by Thomsen, O'Brien and 
Bogle (Thomsen #1). Applicant respectfully traverses the rejection. 

The submitted declarations state that the invention by the Applicant was prior to any 
description of the invention in Thomsen #1, and that any disclosure of the claimed invention in 
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the Thomsen #1 was the Applicant's own invention. The declarations are sufficient to remove 
the rejections under § 102(a) because they establish that the invention was not by another and 
that the invention took place before the publication of Thomsen #1 . 

In addition to the submitted declarations, the Office Action requires that the contribution 
[to the invention] of the fourth inventor who is not included as an author in the article be entered 
into the record, and that a description of the claimed subject matter to which the fourth inventor 
contributed also be entered into the record. It appears that the Office Action is trying to use 
Thomsen #1 to establish inventorship. However, the submitted declarations state that the 
inventors are joint inventors. Applicant respectfully submits that the additional information 
required by the Examiner is not relevant and should not be entered into the record. 

The Office Action further requires the Applicant to show in what time period reduction to 
practice occurred, and to show diligence between the conception and reduction to practice. 
However, this requirement of diligence is associated with an interference under § 102(g) rather 
than invention under § 102(a). Such a requirement also ignores the grace period provided in § 
102(b). Applicant respectfully submits that the showing of diligence is not required. 

Applicant respectfully submits that the declarations are sufficient to remove the rejections 
under § 102(a) in view of Thomsen #1, and requests withdrawal of the rejection and allowance 
of claims 1-3, 5-6, and 1 1-13. 

2. Claims 1-35 were rejected under 35 U.S.C. § 102(a) for anticipation by "Napoleon 
Network Application Policy Environment" by Thomsen, O'Brien and Payne (Thomsen #2). 
Applicant respectfully traverses the rejection. 

The submitted declarations state that the invention by the Applicant was prior to any 
description of the invention in Thomsen #2, and that any disclosure in the Thomsen #2 was the 
Applicant's own invention. The declarations are sufficient to remove the rejections under § 
102(a) because they establish that the invention was not by another and that the invention took 
place before the publication of Thomsen #2. 

The Office Action additionally requires that the contribution of the fourth inventor who is 
not included as an author in the article be entered into the record, and that a description of the 
claimed subject matter to which the fourth inventor contributed also be entered into the record. 
It appears that the Office Action is trying to use Thomsen #2 to establish inventorship. However, 
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the submitted declarations state that the inventors are joint inventors. Applicant respectfully 
submits that the additional information required by the Examiner is not relevant and should not 
be entered into the record. 

The Office Action further requires the Applicant to show in what time period reduction to 
practice occurred, and to show diligence between the conception and reduction to practice. 
However, this requirement of diligence is associated with an interference under § 102(g) rather 
than invention under § 102(a). Such a requirement also ignores the grace period provided in § 
102(b). Applicant respectfully submits that the showing of diligence is not required. 

Further still, the Office Action requires evidence declaring what parts of Thomsen #2 
were invented prior to October 1999 and to what claims the subject matter applies. However, the 
submitted declarations state that any disclosure in the Thomsen articles of subject matter claimed 
in the Application was invented prior to publication date of the earliest of the Thomsen articles. 
Applicant respectfully submits that additional evidence is not required. 

Applicant respectfully submits that the declarations are sufficient to remove the rejections 
under § 102(a) in view of Thomsen #2, and requests withdrawal of the rejection and allowance 
of claims 1-35. 

3. Claims 1-4 and 32 were rejected under 35 U.S.C. § 102(a) for anticipation by "The 

ARBAC97 Model for Role-Based Administration of Roles" by Sandhu et al. ("Sandhu"). 

Applicant respectfully traverses the rejection. The Office Action fails to establish a 

prima facie case of anticipation because Sandhu does not teach all of the elements presently 

recited in the claims. Applicant cannot find in Sandhu any teaching of, among other things, 

encapsulating security mechanism application specific information for each 
security mechanism, wherein encapsulating includes forming a key for each 
security mechanism, 

as recited in claim 1 . 

The Office Action reads the abilities of Sandhu onto the key recited in the claim. 
Applicant respectfully disagrees with this characterization of a key as described in the present 
application. 
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Sandhu states that a permission is an approval of a particular mode of access to one or 
more objects in the system or some privilege to carry out specified action, 1 and that an ability is a 
collection of permissions that should be assigned as a single unit to a role. 2 Sandhu does not 
describe encapsulation. Instead, Sandhu describes a collection. Sandhu also states that abilities 
are roles. 3 For example, approval of a loan is a permission that is assigned to a managerial role. 4 

In the instant Patent Application, keys are building blocks of system 10, and a key 
represents the ability to access some resource. 5 Keys are not capabilities. 6 A key is an abstract 
representation of some rights, independent of the implementation mechanism, and a capability is 
data that states the bearer has the rights defined in the capability. 7 Application specific 
information is encapsulated so that it can be incorporated into higher layers in a uniform 
manner. 8 Internal to the application key the policy information may be organized in any way 
that is convenient to the application. 9 This prevents the local system administrator from having 
to understand [the application] policy. 10 Thus, abilities that are roles do not read on the keys 
recited in the claims. 

Additionally, Applicant cannot find, encapsulating key chains as keys and passing the 
key chain keys to another semantic layer, as recited in claim 1 . The Office Action reads the UP- 
roles of Sandhu onto the semantic layers recited in the claims. 11 Applicant respectfully disagrees 
with this characterization of the semantic layer recited in the claims. 

Sandhu refers to assigning roles to roles to define a role-role hierarchy, 12 and states that 
assigning an ability to a role is mathematically equivalent to making the UP-role an immediate 
senior of the ability in the role-role hierarchy. 13 In contrast to UP-roles in a role-role hierarchy, 
the Patent Application teaches that keys are combined into semantic layers. 14 Therefore, 



1 Sandhu, pg. 107. 

2 Sandhu, pg. 122 H 5.1. 

3 Id. 

4 Sandhu, pg. 107. 

5 Patent Application, pg. 11, lines 10-11. 

6 Patent Application, pg. 1 1 line 17. 

7 Id., lines 17-19. 

8 Patent Application, pg. 12, lines 9-10. 

9 Patent Application, pg. 12 lines 17-18. 

10 Patent Application, pg. 10 lines 18-19. 

11 Office Action, pg. 4 H 8. 

12 Sandhu, pg. 107. 

13 Sandhu, pg. 123. 

14 Patent Application, pg. 13 line 25. 
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semantic layers are closely tied to static application descriptions, 15 in contrast to the UP-Roles of 
Sandhu which have no restriction on membership. 16 To highlight the differences between 
semantic layers and UP-Roles, it is useful to note that an advantage of semantic layers over a 
standard role hierarchy is that they impose well-defined structure, and that adding semantic 
layers to a role hierarchy does not increase the depth of the hierarchy. 17 Therefore, the UP-Role 
of Sandhu does not read on the semantic layer recited in the claims. 

Applicant respectfully requests reconsideration and allowance of claims 1-4 and 32. 

§ 103 Rejection of the Claims 
Claims 5-10 were rejected under 35 U.S.C. § 103(a) as being unpatentable over Sandhu, 
as applied to claim 1 above, in further view of "Issues in the Design of Secure Authorization 
Service for Distributed Applications" by Varadharajan, Pato, and Crall ("Crall"). Applicant 
respectfully traverses the rejection. The Office Action fails to establish a prima facie case of 
obviousness because the proposed combination of Sandhu and Crall does not teach or suggest all 
of the elements recited in the claims. 
Regarding claim 5: 

Claim 5 depends on base claim 1 . Applicant believes that base claim 1 is allowable at 
least for the reason that Sandhu fails to teach or suggest all of the elements of base claim 1. Crall 
fails to teach or suggest the missing elements. Applicant respectfully requests reconsideration 
and allowance of claim 5. 
Regarding claims 6-10: 

Applicant cannot find in Sandhu or Crall any teaching or suggestion of, among other 

things, 

a plurality of semantic layers . . . [that] include keys combinable into key chains, 
. . . wherein each key encapsulates security mechanism application specific 
information for a security mechanism, 

as recited in claim 6. 



15 Patent Application, pg. 15 lines 9-10. 

16 Sandhu, pg. 122 f 5.1. 

17 Patent Application, pg. 14 line 13-15. 
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The Office Action reads abilities of Sandhu onto the keys recited in the claims. 
However, as set forth above abilities that are roles do not read on the keys. The Office Action 
reads the UP-Roles of the role-role hierarchy of Sandhu onto the semantic layers recited in the 
claims. However, as set forth above the UP-Roles of Sandhu do not read on the semantic layer 
recited in the claims. Crall does not teach or suggest the missing elements. 

Additionally, a showing of proper motivation to combine Sandhu and Crall is lacking. 
The Office Action states that Crall discloses an interface to make it easy for administrators to 
manage users, and that it would have been obvious ... to perform such a modification to . . . allow 
administrators to manage large groups of users. 18 However, Crall merely states that 
"administration is provided with an easy to use graphic user interface or batch interface that 
enables administrators to manage relatively large numbers of users with consistent policies 
across applications." 19 Crall does not describe such an interface or how an interface could be 
integrated into the role-role hierarchy of Sandhu, and the Office Action concedes that Sandhu 
lacks a graphical user interface. 20 Applicant respectfully submits that proper motivation is 
lacking to combine a graphical user interface of Crall with the role-role hierarchy of Sandhu to 
create the system claimed in claims 5-10. 

Applicant respectfully requests reconsideration and allowance of claims 5-10. 



18 Office Action, pg. 10. 

19 Crall, pg. 874 If 1. 

20 Office Action, pg. 9. 
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CONCLUSION 

Applicant respectfully submits that the claims are in condition for allowance, and 
notification to that effect is earnestly requested. The Examiner is invited to telephone 
Applicant's attorney at (612) 371-2172 to facilitate prosecution of this application. 

If necessary, please charge any additional fees or credit overpayment to Deposit Account 
No. 19-0743. 

Respectfully submitted, 
DANIEL J. THOMSEN ET AL. 
By their Representatives, 



j. JZ, '1067 



SCHWEGMAN, LUNDBERG, WOESSNER & KLUTH, P.A. 
P.O. Box 2938 
Minneapolis, MN 55402 
(612) 373-6909 

Bv C7<Zu£ Q- Z(aJs&vmAu> 

Paul J. Urbatfski 
Reg. No. 58,351 
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